shorewall_code/Shorewall2/tunnels

118 lines
3.3 KiB
Plaintext
Raw Normal View History

#
# Shorewall 2.4 - /etc/shorewall/tunnels
#
# This file defines IPSEC, GRE, IPIP and OPENVPN tunnels.
#
# IPIP, GRE and OPENVPN tunnels must be configured on the
# firewall/gateway itself. IPSEC endpoints may be defined
# on the firewall/gateway or on an internal system.
#
# The columns are:
#
# TYPE -- must start in column 1 and be "ipsec", "ipsecnat","ipip"
# "gre", "6to4", "pptpclient", "pptpserver", "openvpn" or
# "generic"
#
# If the type is "ipsec" or "ipsecnat", it may be followed
# by ":noah" to indicate that the Authentication Header
# protocol (51) is not used by the tunnel.
#
# If type is "openvpn", it may optionally be followed
# by ":" and the port number used by the tunnel. if no
# ":" and port number are included, then the default port
# of 5000 will be used
#
# If type is "generic", it must be followed by ":" and
# a protocol name (from /etc/protocols) or a protocol
# number. If the protocol is "tcp" or "udp" (6 or 17),
# then it may optionally be followed by ":" and a
# port number.
#
# ZONE -- The zone of the physical interface through which
# tunnel traffic passes. This is normally your internet
# zone.
#
# GATEWAY -- The IP address of the remote tunnel gateway. If the
# remote getway has no fixed address (Road Warrior)
# then specify the gateway as 0.0.0.0/0. May be
# specified as a network address and if your kernel and
# iptables include iprange match support then IP address
# ranges are also allowed.
#
# GATEWAY
# ZONES -- Optional. If the gateway system specified in the third
# column is a standalone host then this column should
# contain a comma-separated list of the names of the
# zones that the host might be in. This column only
# applies to IPSEC and generic tunnels.
#
# Example 1:
#
# IPSec tunnel. The remote gateway is 4.33.99.124 and
# the remote subnet is 192.168.9.0/24. The tunnel does
# not use the AH protocol
#
# ipsec:noah net 4.33.99.124
#
# Example 2:
#
# Road Warrior (LapTop that may connect from anywhere)
# where the "gw" zone is used to represent the remote
# LapTop.
#
# ipsec net 0.0.0.0/0 gw
#
# Example 3:
#
# Host 4.33.99.124 is a standalone system connected
# via an ipsec tunnel to the firewall system. The host
# is in zone gw.
#
# ipsec net 4.33.99.124 gw
#
# Example 4:
#
# Road Warriors that may belong to zones vpn1, vpn2 or
# vpn3. The FreeS/Wan _updown script will add the
# host to the appropriate zone using the "shorewall add"
# command on connect and will remove the host from the
# zone at disconnect time.
#
# ipsec net 0.0.0.0/0 vpn1,vpn2,vpn3
#
# Example 5:
#
# You run the Linux PPTP client on your firewall and
# connect to server 192.0.2.221.
#
# pptpclient net 192.0.2.221
#
# Example 6:
#
# You run a PPTP server on your firewall.
#
# pptpserver net
#
# Example 7:
#
# OPENVPN tunnel. The remote gateway is 4.33.99.124 and
# openvpn uses port 7777.
#
# openvpn:7777 net 4.33.99.124
#
# Example 8:
#
# You have a tunnel that is not one of the supported types.
# Your tunnel uses UDP port 4444. The other end of the
# tunnel is 4.3.99.124.
#
# generic:udp:4444 net 4.3.99.124
#
#
# See http://shorewall.net/Documentation.htm#Tunnels for additional information.
#
# TYPE ZONE GATEWAY GATEWAY
# ZONE
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE